[sheepdog-users] [PATCH stable-0.8 12/22] fec: fix buffer overrun
Hitoshi Mitake
mitake.hitoshi at lab.ntt.co.jp
Mon Feb 24 08:07:00 CET 2014
From: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>
After all the parities are set to out[], p will increase beyond
ctx->dp. This adds a check for it.
This also adds assert() to make sure that we don't overrun the buffer.
Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>
---
lib/fec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/fec.c b/lib/fec.c
index 7d897e4..5d627f5 100644
--- a/lib/fec.c
+++ b/lib/fec.c
@@ -602,9 +602,10 @@ static inline void decode_prepare(struct fec *ctx, const uint8_t *dp[],
out[i] = dp[i];
outidx[i] = i;
} else {
+ assert(p < ctx->dp);
out[i] = dp[p];
outidx[i] = p;
- while (!dp[++p])
+ while (++p < ctx->dp && !dp[p])
;
}
}
--
1.7.10.4
More information about the sheepdog-users
mailing list